Question:
I opened a discussion a while ago and had some great feedback, but I am still racking my brains to figure this out.

I have 2 routers, each with a dedicated connection to the same ISP. I am using MED to influence my advertisements to the provider.

I have 2 core switches (6509) with multiple vlans; each vlan has an HSRP address of .10 shared by the switches.

My routers and switches are using iBGP to communicate. Both routers connect to vlan 1 on the core switches.

I want to influence my traffic from the vlans to go to specific routers, so that I utilize both routes at all times (when possible), ensuring symmetric routing at the same time.

I think I have the following options:

- PBR: I'd set this on the routers' FastEthernet interfaces and match based on two different ACLs
  - set the next hop as the ISP router 1 when matching ACL 1
  - set the next hop as the ISP router 2 when matching ACL 2

  My concern is if I lose a link (say to ISP router 1), all traffic matched by ACL 1 is blackholed.
- HSRP was suggested to me.
  - configure 2 standby groups on the routers with different priorities
  - allocate different HSRP addresses matching each vlan (to act as a core switch default gateway)

  My concern here is I'd need the routers' HSRP virtual IP addresses as the BGP neighbors on the core switches?

Answer:
IMHO, you could configure the following:

Make each of your core switches prefer routing out to one of your BGP routers. This can be easily done by configuring an incoming route-map increasing the weight or local preference BGP attribute for prefixes received from the proper BGP router.

I suppose each of your BGP routers prefers prefixes received from "his" ISP router, so outgoing routing should be OK, too.

You would also need to configure HSRP in each VLAN to prefer one or the other of your core switches.

And configure MED on your BGP routers to make the proper subnets preferred for the returning traffic.

To make it clearer, let's make a simple example:

Let's say you've got only two VLANs in your LAN: VLAN1 with subnet 1.1.1.1/24 and VLAN2 with subnet 2.2.2.2/24.

So you configure HSRP on your core switches to make Switch1 preferred in VLAN1 and Switch2 preferred in VLAN2.

You configure BGP on Switch1 to prefer WAN prefixes received from your BGP Router1 (increase weight, possibly combined with an as-path match) and Switch2 to prefer WAN prefixes received from your BGP Router2.

You also configure your BGP Router1 to advertise the 1.1.1.1/24 prefix with a better MED than Router2 to the ISP (and Router2 to advertise 2.2.2.2/24 with a better MED than Router1), to make the returning traffic use the same path.

You can also configure a similar BGP route-map on your Router1 to prefer 1.1.1.1/24 received from Switch1 over the same prefix received from Switch2.

And that's it!

The PCs in VLAN1 will take Switch1 as their default GW (active in HSRP for VLAN1).

Switch1 will route the outgoing traffic to your Router2 and it will forward it to ISP router1.

The returning traffic will come to your Router1 and will be forwarded to Switch1.

The same is valid for VLAN2, but using Switch2 and Router2.

As the same prefixes are received from the second router/switch with a worse preference all the time, a backup path would be available in case of one connection failure.

This solution is load sharing per subnet, of course. So if traffic from/to one of your subnets is much higher than from/to the second subnet, one of your lines will also be loaded much higher.

It will also work only for VLANs connected directly to your core switches.

In case of any cascaded subnets connected by other L3 device(s) in your LAN, you would need to configure your IGP routing to prefer one of your core switches while keeping the second as less preferred, and to make similar configurations on your BGP routers for them.